oss-security - CVE request kernel: flood ping cause out-of-iommu error and panic when mtu larger than 1500

Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Date: Thu, 15 Oct 2009 14:20:00 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request kernel: flood ping cause out-of-iommu error and panic
 when mtu larger than 1500

Executing ping -f -s 3000 IP in a certain network setup could trigger an 
out-of-IOMMU error, leading to a denial of service.

Steps to reproduce the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=529137#c0

Triggering the issue would result in:
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0
<Repeated Many Many Times>
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0
PCI-DMA: Out of IOMMU space for 7222 bytes at device 0000:03:00.0

HARDWARE ERROR
CPU 0: Machine Check Exception:                7 Bank 4: bc0000000005001b
RIP 10:<ffffffff8006b2b0> {default_idle+0x29/0x50}
TSC 10116da2355 ADDR 4000000 MISC c008000001000000
This is not a software problem!
Run through mcelog --ascii to decode and contact your hardware vendor
Kernel panic - not syncing: Uncorrected machine check
  <7>APIC error on CPU2: 00(08)

Upstream commits:
http://git.kernel.org/linus/a866bbf6aacf95f849810079442a20be118ce905
http://git.kernel.org/linus/97d477a914b146e7e6722ded21afa79886ae8ccd

References:
http://bugzilla.kernel.org/show_bug.cgi?id=9468
https://bugzilla.redhat.com/show_bug.cgi?id=529137

Thanks, Eugene

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.